Friday, January 4, 2008

Coolest Hacks

The Five Coolest Hacks of 2007

Hackers are creative folk, for sure. But some researchers are more imaginative and crafty than others. We're talking the kind of guys who aren't content with finding the next bug in Windows or a Cisco router. Instead, they go after the everyday things we take for granted even more than our PCs -- our cars, our wireless connections, and (gulp) the electronic financial trading systems that record our stock purchases and other online transactions.

1. The car navigation system

DECEMBER 31, 2007

A pair of Italian researchers earlier this year drove right through holes they discovered in some car navigation systems -- vulnerabilities that would let an attacker inject phony messages into the system or launch a denial-of-service attack against it. (See Hacking the Car Navigation System.)

2. WiFi 'sidejacking'

First it was the Ferret, then the Hamster: WiFi will never be safe again. Researcher Robert Graham, CEO of Errata Security, wowed (and in some cases, shamed) the Black Hat DC and Las Vegas crowds this year with live hacks of attendees who dared to use the WiFi network unprotected, using his homegrown WiFi sniffing tools that basically sniff and grab WiFi traffic out of the air.

3. Eighteen-wheelers

Truckers are sleep-deprived enough without having to worry about their RFID-based electronic product code (EPC)-based load of plasma TVs getting hacked while they park and snooze at a truck stop. But researchers from fuzzing tool PacketFocus Security Solutions have shown that's a very real threat. (See Hacking Truckers.)

4. 'Hacking capitalism'

The financial services industry is typically on the leading edge when it comes to adopting new security technologies and standards. But researchers at Matasano Security this year revealed that one of the most popular application-layer protocols used by financial services firms, stock exchanges, and investment banks for automated financial trading has some serious security holes. (See 'Hacking Capitalism'.)

5. iPhone

Hacking and bypassing the iPhone's exclusive service with AT&T was all the rage when the new device first got into users' palms this year, but it wasn't until researcher HD Moore added an iPhone hacking module to the Metasploit penetration testing tool that the real iPhone hacking could begin. (See Metasploit Adds iPhone Hacking Tools and i Caramba! iPhone Hacked Already.)